Pid,

On 3/26/12 11:07 AM, Pid wrote:
> On 26/03/2012 15:46, Witoslaw Koczewski wrote:
>> 
>> Is there perhaps a central place in the Tomcat source code where 
>> the switch is evaluated, so I can rename it or hard-code it to 
>> "false"?
> 
> No.  The access controls are distributed in the code.

Nor would it help. Tomcat isn't just doing those checks because it's
playing nice: those checks (really attempts, not checks) are required
in order to work under a SecurityManager. If those privileged actions
weren't being used, those actions wouldn't work, anyway.

Seriously, there's nothing Tomcat can do about this: you have to tweak
the policy under which WebStart launches the JVM.

I have no idea how to do that. You may not even be able to do that,
otherwise a WebStart application could simply assert its rights to do
anything it wanted, like delete all the files off your hard disk, or
email a copy of your /etc/passwd file to the developer. WebStart runs
under a SecurityManager to protect the user from things it doesn't
want to allow.

-chris
